Fundamental human rights and freedoms
Article 19 of the Constitution of the Slovak Republic guarantees everyone the right to preserve human dignity, personal honour, reputation and protection of one's name, the right to protection against unwarranted interference with private and family life, and the right to protection against unlawful collection, disclosure or other misuse of personal data. GDPR (General Data Protection Regulation) is the European Union's data protection regulation 2016/679 and applies to every company in the EU, as well as government institutions and public organisations. In Slovakia, the legally binding framework is likewise the new Personal Data Protection Act NRSR No. 18/2018 Coll., both norms being effective as of 25 May 2018. The Office of the Commissioner for Children of the Slovak Republic respects all these rights in the performance of its tasks.
Personal data
The protection of personal data in the Slovak Republic is regulated by Act No. 18/2018 Coll. on the Protection of Personal Data Personal data are data relating to an identified or identifiable natural person, such person being a person who can be identified directly or indirectly, in particular on the basis of a generally applicable identifier or on the basis of one or more characteristics or attributes which constitute his or her physical, physiological, psychological, mental, economic, cultural or social identity.
Processing of personal data by the controller
The data controller is the Office of the Commissioner for Children, Odborárske námestie 3, 811 07 Bratislava, ID No.: 50159399, the statutory director is Prof. MUDr. Jozef Mikloško, PhD., and it currently has 16 employees. Responsibilities of the Office and the Commissioner for Children - involved in the protection of children's rights by promoting and enforcing the rights granted to children under the Convention on the Rights of the Child and international treaties to which the Slovak Republic is bound. Unlike other rights protection bodies, the Commissioner deals exclusively with children's rights. The cases or situations in which the Commissioner for Children may assist are defined by the provisions of Act No. 176/2015 Coll. on the Commissioner for Children and the Commissioner for Persons with Disabilities and on Amendments and Supplements to Certain Acts. Thus, the Office of the Commissioner for Children of the Slovak Republic is established by a separate act of the National Council of the Slovak Republic, and it is an independent state authority with precisely defined competences in the field of protection of children's rights, as well as an organisation that is financed from the state budget funds from the chapter of General State Administration.
For each controller in the Slovak Republic, including the Office of the Commissioner for Children of the Slovak Republic, after the entry into force of the GDPR Regulation, and thus the new Personal Data Protection Act No. 18/2018 Coll., a set of obligations applies to adopt such organisational technical and personnel measures so that the controller ensures the availability, confidentiality and integrity of the processing of personal data of natural persons in its personal data information systems and thus minimises the possible occurrence of security incidents. One of the measures is the assignment of a responsible person to supervise the protection of personal data pursuant to Article 44 of Act No 18/2018 Coll.
The data subject has the right to submit a request or complaint to the Office of the Commissioner for Children in relation to the protection and processing of his/her personal data. Any data subject who wishes to make a request or complaint and exercise his or her rights may do so by contacting the responsible person designated by the Office of the Commissioner for Children for the purpose of supervising the processing of personal data. The responsible person can be contacted:
- by email at: ochranaou@komisarpredeti.sk
- in writing to the Responsible Person, Office of the Children's Commissioner, Odborárske námestie 3, 811 07 Bratislava
Security of processing of personal data
In accordance with the provisions of Section 39 of Act No. 18/2018 Coll., the controller is responsible for the security of the processing of personal data. For this purpose, he/she shall take appropriate technical, organisational and personnel measures corresponding to the manner in which personal data are processed. The security measures shall also include a set of permitted and prohibited activities in the processing of personal data. Prohibited ways of processing personal data in processing operations ( acquisition, disclosure, transmission, transfer, access, etc.).
Unauthorised processing activities include :
- Providing information by telephone which contains personal data of data subjects - in this case it is not possible to verify the identity of the person to whom the information is provided
- Receiving or sending emails which include personal data of data subjects in unencrypted, non-pseudonymised or otherwise secured form- direct contravention of the requirements of Section 39 of Act No. 18/2018 Coll.
- An exception to the unauthorised processing activities is telephone or e-mail communication by authorised persons with data subjects - minors or their legal or legal representatives in acute cases where there is a reasonable fear of serious physical or psychological harm to the minor - child
Permitted processing activities in the processing of personal data :
- Personal contact by the data subject or the data subject's legal representative at the controller's premises with authorised persons of the controller or in the performance of work activities by an authorised person of the controller outside the controller's premises
- Postal service
- Courier service
- Mail communication with encrypted or pseudonymised personal data, together with verification of the identity of the sender/receiver by means of a guaranteed electronic signature
- Communication via the web form on komisarpredeti.sk
Applications for employment:
In the case of sending Job Applications by applicants for specific job offers, the same conditions for the processing operation of sending applications as defined in the above cases apply. The permitted scope of the personal data of the applicant provided in the application is as follows - title, first name, surname, permanent address, telephone and e-mail contact, year of birth, educational attainments and specialised courses, course of previous employment, personal skills for the job position. Applicants must not attach any photocopies of documents or personal data in excess of the information requested. Otherwise, such data or documents will not be processed further and will be discarded and destroyed. In the event of accidental sending of applications for employment by various means of transmission (electronically, by postal service, in person), such documents containing personal data will be treated as junk mail and will not be further processed but destroyed.
Provision of information and personal data to other public authorities or persons
When providing information and personal data from the information systems of the Office of the Children's Commissioner, the controller shall always comply with the relevant law.
If incorrect, incomplete or outdated personal data or unlawful provision or disclosure of personal data occurs, the controller shall inform without undue delay the recipients of the personal data to whom such personal data have been provided or disclosed.
Transfer of personal data to third countries
Personal data shall not be transferred to third countries.
Exercise of the rights of data subjects
A data subject is a natural person to whom personal data processed in the information systems of the controller relate. Data subjects are natural persons exercising their rights (minor children, legal representatives of minor children, parents, siblings, complainants).
The data subject is entitled to exercise his/her rights on the basis of a written request, namely:
- Request access to your personal data,
- to request rectification of your personal data,
- request the erasure of your personal data,
- request restriction of processing,
- object to processing,
- request the transfer of your personal data; and
- lodge a complaint or a petition to initiate proceedings under §100 with the Office for Personal Data Protection, Hraničná 12, Bratislava
Automated decision-making, including profiling in the processing of personal data
No automated decision-making, including profiling, takes place in the processing of personal data of data subjects in the information systems of the controller.